<font color="#888888"><span style="color: rgb(0, 0, 0);">Hi </span><b style="color: rgb(0, 0, 0);">Jouni Malinen,<br></b><span style="color: rgb(0, 0, 0);">Thanks for your reply,<br>I want to decrypt the WPA2 data flowing between supplicant and AccessPoint,<br>
For this I need to derive the PMK,<br>So far I have derived <b>Master-secret</b> and <b>Key_block</b> for TLS, &amp; <b>Tunnel Key</b> for PEAP<br>Which key would lead me to the Pairwise Master Key (<b>PMK</b>)?<br><br>The client is configured to connect to WPA2 AccessPoint with <b>PEAP-MS-CHAPv2</b>,<br>
<br>If I need to debug using supplicant,<br>Can you mention any Live CD present for testing?<br>For RADIUS server I have ZEROSHELL as live CD of RADIUS server.<br><br>Regards<br>Harsha<br></span><br>
</font><br><div class="gmail_quote">On Tue, Jun 16, 2009 at 11:35 PM, Jouni Malinen <span dir="ltr">&lt;<a href="mailto:j@w1.fi" target="_blank">j@w1.fi</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div>On Tue, Jun 16, 2009 at 01:45:49PM +0530, Harsha gowda wrote:<br>
<br>
> I want to decrypt the TLS tunnel data,<br>
> So far I have extracted client Key exchange message.<br>
> Which has pre master Key, decrypted with Root Private Key,<br>
> Got 48 bytes of<br>
> (MK)*Master_key*=PRF(Pre-Master-Key,"*master key*<br>
> ",Client.random|Server.random).<br>
><br>
> And derived 64 bytes<br>
> (TK)*TunnelKey* (Master-Key,"*Client EAP encryption*<br>
> ",Client.random|Server.random)<br>
><br>
> Which is the key to encrypt/decrypt TLSV1 application data.<br>
><br>
> Is the tunnel Key used to encrypt/decrypt data?<br>
<br>
</div></div>The master key is used to derive a set of keys and related values<br>
("key_block") and those keys/parameters are used to encrypt/decrypt TLS<br>
records.<br>
<br>
The key you call TK (the 64 octet long key is the TLS PRF output) could<br>
be used, e.g., with WPA2-Enterprise as the PMK for 4-way handshake.<br>
However, since you call this TK, I would assume you are looking into<br>
PEAP cryptobinding case where this key is used to derive some additional<br>
key for binding the tunneled methods together.<br>
<br>
What are you trying to do? It would probably be easier to run through<br>
another authentication and just look at the supplicant (or<br>
authentication server) debug log to see what data was sent. For<br>
example, wpa_supplicant can show you that data in the debug log.<br>
<font color="#888888"><br>
--<br>
Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com" target="_blank">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Yours, <br>ಹರ್ಷ ಕೃ ಗೌಡ<br><br>
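The derivation discussed in this thread, as an added example that is not code from either poster or from wpa_supplicant: the TLS 1.0/1.1 PRF (RFC 2246) run over the TLS master secret with the label "client EAP encryption" to produce the 64-octet key, whose first 32 octets serve as the PMK for the 4-way handshake. Assumptions: the tunnel negotiated TLS 1.0 or 1.1, PEAP cryptobinding is not in use, the "first 32 octets" split follows IEEE 802.11 and is not stated in the thread, and the function names and input bytes are constructed for illustration.

```python
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5: HMAC chained over A(i)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2  # the halves share one byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def derive_eap_keys(master_secret, client_random, server_random):
    """Return (64-octet key, 32-octet PMK) for an EAP-TLS based method.

    The seed order is client.random followed by server.random, the same
    order used for the master secret and the reverse of the order used
    for the TLS key_block.
    """
    if len(master_secret) != 48:
        raise ValueError("TLS master secret must be 48 octets")
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS randoms must be 32 octets each")
    key = tls10_prf(master_secret, b"client EAP encryption",
                    client_random + server_random, 64)
    return key, key[:32]  # assumption: PMK is the first 32 octets


if __name__ == "__main__":
    # Constructed sample values, not taken from any real capture.
    ms = bytes(range(48))
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    key, pmk = derive_eap_keys(ms, c_rand, s_rand)
    print("64-octet key:", key.hex())
    print("PMK         :", pmk.hex())
```

The PMK computed this way can be compared against the PMK line in the supplicant or authentication server debug log from the same authentication run.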